2 min read

Google gives away 10,000 free security keys to high-risk users

Graham CLULEY

October 12, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Google gives away 10,000 free security keys to high-risk users

10,000 high-risk users are being provided with free hardware security keys by Google, with the aim of better protecting their accounts from hackers.

Google says it is sending out the free Titan two-factor authentication (2FA) security keys - that provide a phishing-resistant layer of protection - to groups such as politicians, journalists, and human rights activists, who are considered to be particularly at risk from state-sponsored attackers.

Users who enable Google Advanced Protection (APP) and use a hardware security key, will need both their password and the physical key to log into their account. Meanwhile, existing Google authentication services which are less secure than a hardware key will no longer work.

Google's announcement comes in the wake of the technology giant displaying alerts to approximately 14,000 users that their accounts had been targeted by Russia-backed hackers.

Shane Huntley, director of Google's Threat Analysis Group (TAG), confirmed on Twitter that the hacking group which prompted the large number of alerts was APT28 (also known as Fancy Bear), which has been behind a spate of high profile attacks in recent years.

Perhaps most infamously, APT28 was responsible for hacking into Hillary Clinton's presidential campaign and the DNC.

Huntley explained to high-risk users that it was inevitable someone would attempt to compromise their account at some point.

In a tweet, Huntley posted:

"If you are an activist/journalist/government official or work in NatSec, this warning honestly shouldn't be a surprise. At some point some govt backed entity probably will try to send you something."

Google says that it blocked all of the malicious emails in the latest attack, but because it believed users had been targeted by a government-backed gang it warned them of the attempted hack.

The message from Google is clear: hackers backed by the Russian government have stepped up their attacks and are not afraid of targeting a large number of potential victims at once.  Even though Google has seemingly done a good job so far at intercepting the attacks, users should still be on their guard.

And for high-risk users, raised awareness, patching, and adoption of a hardware based 2FA solution such as a security key is a sensible step towards significantly strengthening defenses.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

WhatsApp Users Can Enable End-To-End Encrypted Chat Backups on iOS and Android Devices WhatsApp Users Can Enable End-To-End Encrypted Chat Backups on iOS and Android Devices
Alina BÎZGĂ

October 15, 2021

1 min read
Google gives away 10,000 free security keys to high-risk users Google gives away 10,000 free security keys to high-risk users
Graham CLULEY

October 12, 2021

2 min read
Bank of America employee indicted for email scam that targeted businesses Bank of America employee indicted for email scam that targeted businesses
Graham CLULEY

October 12, 2021

2 min read